Add a new flow based on the "prompt:none" scope
IMPORTANT: this PR is best reviewed commit-wise. When testing, you will need to re-create the OAuth2 clients via the
scripts/create-clients.shscript.
This PR addresses #4 (closed) by teaching the consent app about a new scope: prompt:none. If this scope is present in the request and there is not currently a user logged in, the request is immediately denied without redirecting to the Raven login dialog. If the user is logged in, the request is processed as per normal. This can be used to support "background" login where we first check to see if we can log in without using a UI and only if that fails do we attempt UI-based login.
Most of the early commits are general tidy-ups required to implement the functionality of the PR.
63b9f716 provides the actual implementation of the prompt:none flow. The exact scope used is configurable via a Django setting.
d0d66be4 provides documentation for the new flow and adds an expanded section to the documentation on issuing tokens which may be used as a basis for testing this PR.
This PR is required by the new token timeout behaviour in uisautomation/iar-frontend#153.
Closes #4 (closed)